413 matches found
The vulnerability of the ffmpeg software for video surveillance management systems, ZoneMinder, exists due to an incorrect path name limitation for the restricted access directory. This allows attackers to execute arbitrary code.
The vulnerability of the ffmpeg software used by ZoneMinder involves incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the host with the software running...
The vulnerability of the Citrix XenMobile Server, a system for managing corporate mobile devices, arises due to an incorrect restriction on the path to the restricted access catalog. This allows a malicious user to execute arbitrary code.
The vulnerability of the Citrix XenMobile Server, a system for managing corporate mobile devices, exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the UnRAR decompression tool lies in the incorrect limitation of the path name for the restricted access directory, allowing a hacker to re-record any files.
The vulnerability of the UnRAR decompression tool is related to incorrect restrictions on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to re-record arbitrary files using a specially created archive...
GHSA-6H58-C7R7-G2HW UberFire Framework Improperly Restricts Paths
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...
UberFire Framework Improperly Restricts Paths
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...
GHSA-5P59-V5WM-77V4 Improper Limitation of a Pathname to a Restricted Directory in Jenkins
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On...
Denial of Service in http-swagger
Impact Allows an attacker to perform a DOS attack consisting of memory exhaustion on the host system. Patches Yes. Please upgrade to v1.2.6. Workarounds A workaround is to restrict the path prefix to the "GET" method. As shown below func main r := mux.NewRouter...
The vulnerability of the Cisco IOx software platform arises from an incorrect limitation on the path name to the restricted access directory. This allows a perpetrator to execute arbitrary code or carry out cross-site scripting attacks.
The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform XSS attacks remotely...
The vulnerability of the command interface of Cisco IP Phone microprogramming software arises due to an incorrect restriction on the path to the restricted access directory. This allows a malicious individual to read any file in the device’s file system.
The vulnerability of the command interface of Cisco IP Phone microprogramming software exists due to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a attacker to read any file in the device’s file system...
CVE-2022-24854
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...
PT-2022-3875 · Cisco · Cisco Iox +1
Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue allows an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications...
PT-2022-2849 · Cisco · Cisco Iox +1
Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operati...
PT-2022-2300 · Cisco · Cisco Iox +1
Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue exists due to incorrect restriction of a directory path name with limited access. An attacker could inject arbitrary commands into the underlying host operating system, execute...
PT-2022-2299 · Cisco · Cisco Iox +1
Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue exists due to incorrect restriction of the directory path name with limited access. An attacker could inject arbitrary commands into the underlying host operating system, execut...
PT-2022-2301 · Cisco · Cisco Iox +1
Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue allows an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications...
The vulnerability of Adobe Illustrator’s graphic editor lies in the incorrect limitation of the path name to the restricted access catalog, allowing attackers to execute arbitrary code.
The vulnerability of Adobe Illustrator’s graphic editor is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in the incorrect restriction on the path name to the restricted catalog, allowing a hacker to read arbitrary files.
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to an incorrect limitation on the path name used to access the restricted catalog. Exploiting this vulnerability could allow a malicious actor to read arbitrary files by sending a...
PT-2022-4185 · Unknown +1 · Passwork On-Premise Edition +1
Name of the Vulnerable Software and Affected Versions: Passwork On-Premise Edition versions prior to 4.6.13 Description: The issue is related to incorrect restriction of the path name to a directory with limited access. This allows a remote attacker to upload arbitrary files to the system. The...
The vulnerability of the Magento Commerce software development and management platform lies in the incorrect limitation of the path to the restricted catalog. This allows attackers to execute arbitrary code.
The vulnerability of the Magento Commerce development and management software platform relates to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...
CVE-2021-22804
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...